Joint Solution Brief

Securing the Software Defined Data Center

The Challenge
Perimeter-focused security architectures
and controls have failed. Despite increasing
investments in security, a new model is
needed. The ever-growing use of virtualized
infrastructure and the increase in targeted
attacks mean enterprises need help
detecting and responding to threats before
they do damage to the business.

Integrated Solution
RSA Security Analytics is a network
security monitoring and investigation
platform that combines logs, network
packets and NetFlow, and end-point
visibility to provide complete visibility to
detect, investigate, and take targeted action
against even the most advanced of attacks.
Gigamons GigaSECURE Security Delivery
Platform provides complete access to the
traffic data Security Analytics needs.

Joint Solution Benefits

Detect APTs through lateral movement
within East-West traffic even when it
doesnt touch the physical network
Full visibility of virtual and physical
network traffic managed by a single
console and correlated within one
security tool
Fully integrated with VMware vCenter
to extend visibility policies for inter-host
VM traffic
Automated migration of VM-level
monitoring policies when vMotion is
detected
Filter and monitor virtual and physical
traffic using Adaptive Session Filtering
Monitor and analyze unsampled
NetFlow data generated by the
GigaSECURE platform

2014-2015 Gigamon. All rights reserved.

Introduction
Despite increasing investments in security, breaches are still occurring at an alarming
rate. Whether the result of cyber criminals sending phishing or malware attacks through
company emails, nation states targeting organizations IP, or insiders misusing sensitive
data, depending on preventing perimeter breaches has become ineffective. Successful
attacks bypass each layer of prevention using valid user credentials, trusted access
paths, or by exploiting unknown or unpatched vulnerabilities, thus going unnoticed by
preventive controls.
In addition, with the introduction of network virtualization, enterprise IT organizations
are facing a new challenge of securing IT infrastructure across both physical and virtual
networks. Just monitoring physical connections leaves you blind to a large and vital part
of your infrastructure; using virtualized security tools within your datacenter often means
the physical and virtual traffic cannot be correlated for analysis. A new approach is needed.

The Gigamon and RSA Joint Solution

Together RSA Security Analytics and the GigaSECURE Security Delivery Platform provide
pervasive and intelligent visibility into the physical and virtual networksin particular the
VMware NSX platform.
RSA Security Analytics provides a monitoring and investigation platform to detect
advanced threats, while focusing on the most important incidents so security teams can
rapidly investigate. It provides real-time collecting, filtering, enrichment and analysis of
network packets, NetFlow, endpoint and log data via a highly configurable infrastructure.
Ensuring that RSA Security Analytics has access to the right virtual traffic and network
metadata from all across the network is where GigaSECURE platform comes in.
The platform consists of distributed physical (GigaVUE H Series platforms) and virtual
(GigaVUE-VM) nodes that provide an advanced level of filtering intelligence, managed as
a single fabric. At its heart is Gigamons patented Flow Mapping technology that identifies
and directs incoming traffic to single or multiple tools based on user-defined rules.
The GigaVUE-VM delivers the same traffic identification, selection and direction
capabilities as exists on Gigamons physical nodes. This enables RSA Security Analytics
to establish visibility to virtual network traffic within the hypervisor or across multiple
hypervisors. The GigaSECURE platform is able to detect vMotion events and when a VM
is moved from one hypervisor to another, the GigaSECURE Security Delivery Platform
will track the VM and dynamically configure the fabric to maintain continuous visibility.
This combination is an ideal solution for organizations interested in enabling their IT
organization to investigate what was targeted, how the exploit occurred, how the
attacker moved laterally and the magnitude of the attack across physical and virtual
infrastructures.

Joint Solution Brief: Securing the Software Defined Data Center

Internet

SIEM

Network Forensics

Routers

GigaSECURE Security Delivery Platform

Spine
switches

Leaf
switches

Virtualized
Server Farm

GigaVUE-VM and
GigaVUE Nodes

NetFlow / IPFIX
Generation

Application
Session Filtering

SSL
Decryption

Inline
Bypass

GigaVUE-VM

About RSA

About Gigamon

RSAs Intelligence Driven Security solutions help organizations reduce

the risks of operating in a digital world. Through visibility, analysis, and
action, RSA solutions give customers the ability to detect, investigate
and respond to advanced threats; confirm and manage identities; and
ultimately, help prevent IP theft, fraud and cybercrime.

Gigamon provides the GigaSECURE Security Delivery Platform

to enable the management of increasingly complex networks.
Gigamon technology empowers infrastructure architects, managers
and operators with pervasive visibility and control of traffic across both
physical and virtual environments without affecting the performance or
stability of the production network. Through patented technologies,
centralized management and a portfolio of high availability and
high-density fabric nodes, network traffic is intelligently delivered to
management, monitoring and security systems. Gigamon solutions
have been deployed globally across enterprise, data centers and
service providers, including over half of the Fortune 100 and many
government and federal agencies.

Learn More
For more information on the RSA and Gigamon solution, contact:
176 South Street
Hopkinton MA 01748
Phone: +1-866-438-3622
http://www.emc.com/security/

2014-2015 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or
other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks
of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com

3300 Olcott Street

Santa Clara, CA 95054
Phone: +1 (408) 831-4000
www.gigamon.com

3071-01 09/15